NIST has published a draft special publication on Zero Trust Architecture (ZTA), SP 800-207. Its purpose is to develop a technology-neutral lexicon of the logical components of a zero trust strategy, define ZTA, describe possible deployment scenarios, and highlight threats.

The primary purpose of the document is to develop a standard taxonomy for ZTA components rather than give guidance or recommendations on how to deploy them. Nevertheless, the document provides a very detailed introduction to the components, their interrelationship, the problems involved, and how the components could be implemented in a migration to a zero trust architecture.

Zero trust is a security approach designed to counter the loss of a defendable perimeter in the modern distributed, cloud-encompassing, remote-working infrastructure. With no “visible” perimeter, zero trust suggests that enterprises consider everything – whether part of the internet or owned by the enterprise – to be hostile.

More at Security Week